├── .gitattributes ├── .github ├── FUNDING.yml ├── dependabot.yml ├── pull_request_template.md └── workflows │ ├── pr_comment.yml │ └── validate-owasp-metadata.yaml ├── .gitignore ├── 404.html ├── Gemfile ├── README.md ├── _config.yml ├── _data ├── latest.yaml ├── ow_attributions.json ├── stable.yaml ├── v41.yaml └── v42.yaml ├── _includes ├── banner.html ├── breadcrumb.html └── navigation.html ├── assets ├── archive │ ├── 182px-OWTGv4_Cover.png │ ├── 455px-OWTGv4_Cover.png │ ├── OWASP_EU_Summit_2008_OWASP_Testing_Guide_v3.ppt │ ├── OWASP_Testing_Guide_Presentation.zip │ ├── OWASP_Testing_Guide_Presentation_EUSecWest07.zip │ ├── OWASP_Testing_Guide_v1.pdf │ ├── OWASP_Testing_Guide_v2.pdf │ ├── OWASP_Testing_Guide_v2_doc.zip │ ├── OWASP_Testing_Guide_v2_spanish_doc.zip │ ├── OWASP_Testing_Guide_v3.pdf │ ├── OWASP_Testing_Guide_v4.pdf │ ├── OWASP_Web_Application_Penetration_Checklist_v1_1.pdf │ └── OWTGv4_Cover.png └── images │ └── README.md ├── index.md ├── info.md ├── latest ├── 0-Foreword │ ├── README.md │ ├── index.md │ └── info.md ├── 1-Frontispiece │ ├── README.md │ ├── images │ │ ├── Owasp_logo_icon.jpg │ │ └── follow_badge.png │ ├── index.md │ └── info.md ├── 2-Introduction │ ├── README.md │ ├── images │ │ ├── 640px-UseAndMisuseCase.png │ │ ├── ProportionSDLC.png │ │ ├── ProportionTest.png │ │ ├── SDLC.jpg │ │ └── WindowExposure.png │ ├── index.md │ └── info.md ├── 3-The_OWASP_Testing_Framework │ ├── 0-The_Web_Security_Testing_Framework.md │ ├── 1-Penetration_Testing_Methodologies.md │ ├── README.md │ ├── images │ │ └── Typical_SDLC_Testing_Workflow.gif │ ├── index.md │ └── info.md ├── 4-Web_Application_Security_Testing │ ├── 00-Introduction_and_Objectives │ │ ├── README.md │ │ ├── index.md │ │ └── info.md │ ├── 01-Information_Gathering │ │ ├── 01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md │ │ ├── 02-Fingerprint_Web_Server.md │ │ ├── 03-Review_Webserver_Metafiles_for_Information_Leakage.md │ │ ├── 04-Enumerate_Applications_on_Webserver.md │ │ ├── 05-Review_Web_Page_Content_for_Information_Leakage.md │ │ ├── 06-Identify_Application_Entry_Points.md │ │ ├── 07-Map_Execution_Paths_Through_Application.md │ │ ├── 08-Fingerprint_Web_Application_Framework.md │ │ ├── 09-Fingerprint_Web_Application.md │ │ ├── 10-Map_Application_Architecture.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Banshee_bottom_page.png │ │ │ ├── Cakephp_cookie.png │ │ │ ├── Drupal_botcha_disclosure.png │ │ │ ├── Google_site_Operator_Search_Results_Example_20200406.png │ │ │ ├── Httprint.jpg │ │ │ ├── Netcraft2.png │ │ │ ├── OWASPZAPSP.png │ │ │ ├── Owasp-wappalyzer.png │ │ │ ├── Robots-info-disclosure.png │ │ │ ├── Whatweb-sample.png │ │ │ ├── Wordpress_dirbusting.png │ │ │ ├── Zk_html_source.png │ │ │ └── wp-syntaxerror.png │ │ ├── index.md │ │ └── info.md │ ├── 02-Configuration_and_Deployment_Management_Testing │ │ ├── 01-Test_Network_Infrastructure_Configuration.md │ │ ├── 02-Test_Application_Platform_Configuration.md │ │ ├── 03-Test_File_Extensions_Handling_for_Sensitive_Information.md │ │ ├── 04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md │ │ ├── 05-Enumerate_Infrastructure_and_Application_Admin_Interfaces.md │ │ ├── 06-Test_HTTP_Methods.md │ │ ├── 07-Test_HTTP_Strict_Transport_Security.md │ │ ├── 08-Test_RIA_Cross_Domain_Policy.md │ │ ├── 09-Test_File_Permission.md │ │ ├── 10-Test_for_Subdomain_Takeover.md │ │ ├── 11-Test_Cloud_Storage.md │ │ ├── 12-Test_for_Content_Security_Policy.md │ │ ├── 13-Test_for_Path_Confusion.md │ │ ├── 14-Test_Other_HTTP_Security_Header_Misconfigurations.md │ │ ├── README.md │ │ ├── images │ │ │ ├── subdomain_takeover_ex1.jpeg │ │ │ └── subdomain_takeover_ex2.jpeg │ │ ├── index.md │ │ └── info.md │ ├── 03-Identity_Management_Testing │ │ ├── 01-Test_Role_Definitions.md │ │ ├── 02-Test_User_Registration_Process.md │ │ ├── 03-Test_Account_Provisioning_Process.md │ │ ├── 04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md │ │ ├── 05-Testing_for_Weak_or_Unenforced_Username_Policy.md │ │ ├── README.md │ │ ├── images │ │ │ ├── AuthenticationFailed.png │ │ │ ├── Google_registration_page.jpg │ │ │ ├── Userisnotactive.png │ │ │ ├── Wordpress_authandusers.png │ │ │ ├── Wordpress_registration_page.jpg │ │ │ └── Wordpress_useradd.png │ │ ├── index.md │ │ └── info.md │ ├── 04-Authentication_Testing │ │ ├── 01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md │ │ ├── 02-Testing_for_Default_Credentials.md │ │ ├── 03-Testing_for_Weak_Lock_Out_Mechanism.md │ │ ├── 04-Testing_for_Bypassing_Authentication_Schema.md │ │ ├── 05-Testing_for_Vulnerable_Remember_Password.md │ │ ├── 06-Testing_for_Browser_Cache_Weaknesses.md │ │ ├── 07-Testing_for_Weak_Authentication_Methods.md │ │ ├── 08-Testing_for_Weak_Security_Question_Answer.md │ │ ├── 09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md │ │ ├── 10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md │ │ ├── 11-Testing_Multi-Factor_Authentication.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Basm-parammod.jpg │ │ │ ├── Basm-sessid.jpg │ │ │ ├── Basm-sessid2.jpg │ │ │ ├── Basm-sqlinj.jpg │ │ │ └── Basm-sqlinj2.gif │ │ ├── index.md │ │ └── info.md │ ├── 05-Authorization_Testing │ │ ├── 01-Testing_Directory_Traversal_File_Include.md │ │ ├── 02-Testing_for_Bypassing_Authorization_Schema.md │ │ ├── 03-Testing_for_Privilege_Escalation.md │ │ ├── 04-Testing_for_Insecure_Direct_Object_References.md │ │ ├── 05-Testing_for_OAuth_Weaknesses.md │ │ ├── 05.1-Testing_for_OAuth_Authorization_Server_Weaknesses.md │ │ ├── 05.2-Testing_for_OAuth_Client_Weaknesses.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Basm-directreq.jpg │ │ │ └── token-injection.png │ │ ├── index.md │ │ └── info.md │ ├── 06-Session_Management_Testing │ │ ├── 01-Testing_for_Session_Management_Schema.md │ │ ├── 02-Testing_for_Cookies_Attributes.md │ │ ├── 03-Testing_for_Session_Fixation.md │ │ ├── 04-Testing_for_Exposed_Session_Variables.md │ │ ├── 05-Testing_for_Cross_Site_Request_Forgery.md │ │ ├── 06-Testing_for_Logout_Functionality.md │ │ ├── 07-Testing_Session_Timeout.md │ │ ├── 08-Testing_for_Session_Puzzling.md │ │ ├── 09-Testing_for_Session_Hijacking.md │ │ ├── 10-Testing_JSON_Web_Tokens.md │ │ ├── 11-Testing_for_Concurrent_Sessions.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Session_Riding_Firewall_Management.gif │ │ │ ├── Session_Riding_Firewall_Management_2.gif │ │ │ └── Session_riding.GIF │ │ ├── index.md │ │ └── info.md │ ├── 07-Input_Validation_Testing │ │ ├── 01-Testing_for_Reflected_Cross_Site_Scripting.md │ │ ├── 02-Testing_for_Stored_Cross_Site_Scripting.md │ │ ├── 03-Testing_for_HTTP_Verb_Tampering.md │ │ ├── 04-Testing_for_HTTP_Parameter_Pollution.md │ │ ├── 05-Testing_for_SQL_Injection.md │ │ ├── 05.1-Testing_for_Oracle.md │ │ ├── 05.2-Testing_for_MySQL.md │ │ ├── 05.3-Testing_for_SQL_Server.md │ │ ├── 05.4-Testing_PostgreSQL.md │ │ ├── 05.5-Testing_for_MS_Access.md │ │ ├── 05.6-Testing_for_NoSQL_Injection.md │ │ ├── 05.7-Testing_for_ORM_Injection.md │ │ ├── 05.8-Testing_for_Client-side.md │ │ ├── 06-Testing_for_LDAP_Injection.md │ │ ├── 07-Testing_for_XML_Injection.md │ │ ├── 08-Testing_for_SSI_Injection.md │ │ ├── 09-Testing_for_XPath_Injection.md │ │ ├── 10-Testing_for_IMAP_SMTP_Injection.md │ │ ├── 11-Testing_for_Code_Injection.md │ │ ├── 11.1-Testing_for_File_Inclusion.md │ │ ├── 12-Testing_for_Command_Injection.md │ │ ├── 13-Testing_for_Buffer_Overflow.md │ │ ├── 13-Testing_for_Format_String_Injection.md │ │ ├── 14-Testing_for_Incubated_Vulnerability.md │ │ ├── 15-Testing_for_HTTP_Splitting_Smuggling.md │ │ ├── 16-Testing_for_HTTP_Incoming_Requests.md │ │ ├── 17-Testing_for_Host_Header_Injection.md │ │ ├── 18-Testing_for_Server-side_Template_Injection.md │ │ ├── 19-Testing_for_Server-Side_Request_Forgery.md │ │ ├── 20-Testing_for_Mass_Assignment.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Alert.png │ │ │ ├── Imap-smtp-injection.png │ │ │ ├── OPTIONS_verb_tampering.png │ │ │ ├── RubyBeef.png │ │ │ ├── SSTI_XVWA.jpeg │ │ │ ├── Stored_input_example.jpg │ │ │ ├── Stored_xss_example.jpg │ │ │ ├── XSS_Example1.png │ │ │ └── XSS_Example2.png │ │ ├── index.md │ │ └── info.md │ ├── 08-Testing_for_Error_Handling │ │ ├── 01-Testing_For_Improper_Error_Handling.md │ │ ├── 02-Testing_for_Stack_Traces.md │ │ ├── README.md │ │ ├── index.md │ │ └── info.md │ ├── 09-Testing_for_Weak_Cryptography │ │ ├── 01-Testing_for_Weak_Transport_Layer_Security.md │ │ ├── 02-Testing_for_Padding_Oracle.md │ │ ├── 03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md │ │ ├── 04-Testing_for_Weak_Encryption.md │ │ ├── README.md │ │ ├── images │ │ │ ├── SSL_Certificate_Validity_Testing_Firefox_Warning.gif │ │ │ └── SSL_Certificate_Validity_Testing_IE_Warning.gif │ │ ├── index.md │ │ └── info.md │ ├── 10-Business_Logic_Testing │ │ ├── 00-Introduction_to_Business_Logic.md │ │ ├── 01-Test_Business_Logic_Data_Validation.md │ │ ├── 02-Test_Ability_to_Forge_Requests.md │ │ ├── 03-Test_Integrity_Checks.md │ │ ├── 04-Test_for_Process_Timing.md │ │ ├── 05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md │ │ ├── 06-Testing_for_the_Circumvention_of_Work_Flows.md │ │ ├── 07-Test_Defenses_Against_Application_Misuse.md │ │ ├── 08-Test_Upload_of_Unexpected_File_Types.md │ │ ├── 09-Test_Upload_of_Malicious_Files.md │ │ ├── 10-Test-Payment-Functionality.md │ │ ├── README.md │ │ ├── images │ │ │ └── Control_Flow_of_Login_Form.jpg │ │ ├── index.md │ │ └── info.md │ ├── 11-Client-side_Testing │ │ ├── 01-Testing_for_DOM-based_Cross_Site_Scripting.md │ │ ├── 01.1-Testing_for_Self_DOM_Based_Cross_Site_Scripting.md │ │ ├── 02-Testing_for_JavaScript_Execution.md │ │ ├── 03-Testing_for_HTML_Injection.md │ │ ├── 04-Testing_for_Client-side_URL_Redirect.md │ │ ├── 05-Testing_for_CSS_Injection.md │ │ ├── 06-Testing_for_Client-side_Resource_Manipulation.md │ │ ├── 07-Testing_Cross_Origin_Resource_Sharing.md │ │ ├── 08-Testing_for_Cross_Site_Flashing.md │ │ ├── 09-Testing_for_Clickjacking.md │ │ ├── 10-Testing_WebSockets.md │ │ ├── 11-Testing_Web_Messaging.md │ │ ├── 12-Testing_Browser_Storage.md │ │ ├── 13-Testing_for_Cross_Site_Script_Inclusion.md │ │ ├── 14-Testing_for_Reverse_Tabnabbing.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Clickjacking_description.png │ │ │ ├── Clickjacking_example_malicious_page_1.png │ │ │ ├── Clickjacking_example_malicious_page_2.png │ │ │ ├── Clickjacking_example_malicious_page_3.png │ │ │ ├── Clickjacking_example_step2.png │ │ │ ├── Masked_iframe.png │ │ │ ├── OWASP_ZAP_WebSockets.png │ │ │ ├── Storage-xss.png │ │ │ ├── WebSocket_Client.png │ │ │ └── XSSI1.jpeg │ │ ├── index.md │ │ └── info.md │ ├── 12-API_Testing │ │ ├── 00-API_Testing_Overview.md │ │ ├── 01-API_Reconnaissance.md │ │ ├── 02-API_Broken_Object_Level_Authorization.md │ │ ├── 99-Testing_GraphQL.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Playground1.png │ │ │ ├── Playground2.png │ │ │ ├── Voyager.png │ │ │ └── auth1.png │ │ ├── index.md │ │ └── info.md │ ├── README.md │ ├── index.md │ └── info.md ├── 5-Reporting │ ├── 01-Reporting_Structure.md │ ├── 02-Naming_Schemes.md │ ├── README.md │ ├── index.md │ └── info.md ├── 6-Appendix │ ├── A-Testing_Tools_Resource.md │ ├── B-Suggested_Reading.md │ ├── C-Fuzzing.md │ ├── D-Encoded_Injection.md │ ├── E-History.md │ ├── F-Leveraging_Dev_Tools.md │ ├── README.md │ ├── images │ │ ├── f_chrome_devtools_headers.png │ │ ├── f_chrome_devtools_offline.png │ │ ├── f_chrome_devtools_ua_switch.png │ │ ├── f_chrome_responsive_design_mode.png │ │ ├── f_firefox_cookie_edit.png │ │ ├── f_firefox_devtools_headers.png │ │ ├── f_firefox_devtools_offline.png │ │ ├── f_firefox_responsive_design_mode.png │ │ └── f_firefox_ua_switch.png │ ├── index.md │ └── info.md ├── README.md ├── index.md └── info.md ├── leaders.md ├── project.owasp.yaml ├── stable ├── 0-Foreword │ ├── README.md │ ├── index.md │ └── info.md ├── 1-Frontispiece │ ├── README.md │ ├── images │ │ ├── Owasp_logo_icon.jpg │ │ └── follow_badge.png │ ├── index.md │ └── info.md ├── 2-Introduction │ ├── README.md │ ├── images │ │ ├── 640px-UseAndMisuseCase.png │ │ ├── ProportionSDLC.png │ │ ├── ProportionTest.png │ │ ├── SDLC.jpg │ │ └── WindowExposure.png │ ├── index.md │ └── info.md ├── 3-The_OWASP_Testing_Framework │ ├── 0-The_Web_Security_Testing_Framework.md │ ├── 1-Penetration_Testing_Methodologies.md │ ├── README.md │ ├── images │ │ └── Typical_SDLC_Testing_Workflow.gif │ ├── index.md │ └── info.md ├── 4-Web_Application_Security_Testing │ ├── 00-Introduction_and_Objectives │ │ ├── README.md │ │ ├── index.md │ │ └── info.md │ ├── 01-Information_Gathering │ │ ├── 01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md │ │ ├── 02-Fingerprint_Web_Server.md │ │ ├── 03-Review_Webserver_Metafiles_for_Information_Leakage.md │ │ ├── 04-Enumerate_Applications_on_Webserver.md │ │ ├── 05-Review_Webpage_Content_for_Information_Leakage.md │ │ ├── 06-Identify_Application_Entry_Points.md │ │ ├── 07-Map_Execution_Paths_Through_Application.md │ │ ├── 08-Fingerprint_Web_Application_Framework.md │ │ ├── 09-Fingerprint_Web_Application.md │ │ ├── 10-Map_Application_Architecture.md │ │ ├── README.md │ │ ├── images │ │ │ ├── 10_mod_security.jpg │ │ │ ├── Banshee_bottom_page.png │ │ │ ├── Cakephp_cookie.png │ │ │ ├── Drupal_botcha_disclosure.png │ │ │ ├── Google_cache_Operator_Search_Results_Example_20200406.png │ │ │ ├── Google_site_Operator_Search_Results_Example_20200406.png │ │ │ ├── Httprint.jpg │ │ │ ├── Netcraft2.png │ │ │ ├── OWASPZAPSP.png │ │ │ ├── Owasp-Info.jpg │ │ │ ├── Owasp-wappalyzer.png │ │ │ ├── Robots-info-disclosure.png │ │ │ ├── Whatweb-sample.png │ │ │ ├── Wordpress_dirbusting.png │ │ │ ├── Zk_html_source.png │ │ │ └── wp-syntaxerror.png │ │ ├── index.md │ │ └── info.md │ ├── 02-Configuration_and_Deployment_Management_Testing │ │ ├── 01-Test_Network_Infrastructure_Configuration.md │ │ ├── 02-Test_Application_Platform_Configuration.md │ │ ├── 03-Test_File_Extensions_Handling_for_Sensitive_Information.md │ │ ├── 04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md │ │ ├── 05-Enumerate_Infrastructure_and_Application_Admin_Interfaces.md │ │ ├── 06-Test_HTTP_Methods.md │ │ ├── 07-Test_HTTP_Strict_Transport_Security.md │ │ ├── 08-Test_RIA_Cross_Domain_Policy.md │ │ ├── 09-Test_File_Permission.md │ │ ├── 10-Test_for_Subdomain_Takeover.md │ │ ├── 11-Test_Cloud_Storage.md │ │ ├── README.md │ │ ├── images │ │ │ ├── subdomain_takeover_ex1.jpeg │ │ │ └── subdomain_takeover_ex2.jpeg │ │ ├── index.md │ │ └── info.md │ ├── 03-Identity_Management_Testing │ │ ├── 01-Test_Role_Definitions.md │ │ ├── 02-Test_User_Registration_Process.md │ │ ├── 03-Test_Account_Provisioning_Process.md │ │ ├── 04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md │ │ ├── 05-Testing_for_Weak_or_Unenforced_Username_Policy.md │ │ ├── README.md │ │ ├── images │ │ │ ├── AuthenticationFailed.png │ │ │ ├── Google_registration_page.jpg │ │ │ ├── Userisnotactive.png │ │ │ ├── Wordpress_authandusers.png │ │ │ ├── Wordpress_registration_page.jpg │ │ │ └── Wordpress_useradd.png │ │ ├── index.md │ │ └── info.md │ ├── 04-Authentication_Testing │ │ ├── 01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md │ │ ├── 02-Testing_for_Default_Credentials.md │ │ ├── 03-Testing_for_Weak_Lock_Out_Mechanism.md │ │ ├── 04-Testing_for_Bypassing_Authentication_Schema.md │ │ ├── 05-Testing_for_Vulnerable_Remember_Password.md │ │ ├── 06-Testing_for_Browser_Cache_Weaknesses.md │ │ ├── 07-Testing_for_Weak_Password_Policy.md │ │ ├── 08-Testing_for_Weak_Security_Question_Answer.md │ │ ├── 09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md │ │ ├── 10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Basm-directreq.jpg │ │ │ ├── Basm-parammod.jpg │ │ │ ├── Basm-sessid.jpg │ │ │ ├── Basm-sessid2.jpg │ │ │ ├── Basm-sqlinj.jpg │ │ │ └── Basm-sqlinj2.gif │ │ ├── index.md │ │ └── info.md │ ├── 05-Authorization_Testing │ │ ├── 01-Testing_Directory_Traversal_File_Include.md │ │ ├── 02-Testing_for_Bypassing_Authorization_Schema.md │ │ ├── 03-Testing_for_Privilege_Escalation.md │ │ ├── 04-Testing_for_Insecure_Direct_Object_References.md │ │ ├── README.md │ │ ├── index.md │ │ └── info.md │ ├── 06-Session_Management_Testing │ │ ├── 01-Testing_for_Session_Management_Schema.md │ │ ├── 02-Testing_for_Cookies_Attributes.md │ │ ├── 03-Testing_for_Session_Fixation.md │ │ ├── 04-Testing_for_Exposed_Session_Variables.md │ │ ├── 05-Testing_for_Cross_Site_Request_Forgery.md │ │ ├── 06-Testing_for_Logout_Functionality.md │ │ ├── 07-Testing_Session_Timeout.md │ │ ├── 08-Testing_for_Session_Puzzling.md │ │ ├── 09-Testing_for_Session_Hijacking.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Session_Riding_Firewall_Management.gif │ │ │ ├── Session_Riding_Firewall_Management_2.gif │ │ │ └── Session_riding.GIF │ │ ├── index.md │ │ └── info.md │ ├── 07-Input_Validation_Testing │ │ ├── 01-Testing_for_Reflected_Cross_Site_Scripting.md │ │ ├── 02-Testing_for_Stored_Cross_Site_Scripting.md │ │ ├── 03-Testing_for_HTTP_Verb_Tampering.md │ │ ├── 04-Testing_for_HTTP_Parameter_Pollution.md │ │ ├── 05-Testing_for_SQL_Injection.md │ │ ├── 05.1-Testing_for_Oracle.md │ │ ├── 05.2-Testing_for_MySQL.md │ │ ├── 05.3-Testing_for_SQL_Server.md │ │ ├── 05.4-Testing_PostgreSQL.md │ │ ├── 05.5-Testing_for_MS_Access.md │ │ ├── 05.6-Testing_for_NoSQL_Injection.md │ │ ├── 05.7-Testing_for_ORM_Injection.md │ │ ├── 05.8-Testing_for_Client-side.md │ │ ├── 06-Testing_for_LDAP_Injection.md │ │ ├── 07-Testing_for_XML_Injection.md │ │ ├── 08-Testing_for_SSI_Injection.md │ │ ├── 09-Testing_for_XPath_Injection.md │ │ ├── 10-Testing_for_IMAP_SMTP_Injection.md │ │ ├── 11-Testing_for_Code_Injection.md │ │ ├── 11.1-Testing_for_Local_File_Inclusion.md │ │ ├── 11.2-Testing_for_Remote_File_Inclusion.md │ │ ├── 12-Testing_for_Command_Injection.md │ │ ├── 13-Testing_for_Buffer_Overflow.md │ │ ├── 13-Testing_for_Format_String_Injection.md │ │ ├── 14-Testing_for_Incubated_Vulnerability.md │ │ ├── 15-Testing_for_HTTP_Splitting_Smuggling.md │ │ ├── 16-Testing_for_HTTP_Incoming_Requests.md │ │ ├── 17-Testing_for_Host_Header_Injection.md │ │ ├── 18-Testing_for_Server-side_Template_Injection.md │ │ ├── 19-Testing_for_Server-Side_Request_Forgery.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Alert.png │ │ │ ├── Imap-smtp-injection.png │ │ │ ├── OPTIONS_verb_tampering.png │ │ │ ├── RubyBeef.png │ │ │ ├── SSTI_XVWA.jpeg │ │ │ ├── Stored_input_example.jpg │ │ │ ├── Stored_xss_example.jpg │ │ │ ├── XSS_Example1.png │ │ │ └── XSS_Example2.png │ │ ├── index.md │ │ └── info.md │ ├── 08-Testing_for_Error_Handling │ │ ├── 01-Testing_For_Improper_Error_Handling.md │ │ ├── 02-Testing_for_Stack_Traces.md │ │ ├── README.md │ │ ├── index.md │ │ └── info.md │ ├── 09-Testing_for_Weak_Cryptography │ │ ├── 01-Testing_for_Weak_Transport_Layer_Security.md │ │ ├── 02-Testing_for_Padding_Oracle.md │ │ ├── 03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md │ │ ├── 04-Testing_for_Weak_Encryption.md │ │ ├── README.md │ │ ├── images │ │ │ ├── SSL_Certificate_Validity_Testing_Firefox_Warning.gif │ │ │ └── SSL_Certificate_Validity_Testing_IE_Warning.gif │ │ ├── index.md │ │ └── info.md │ ├── 10-Business_Logic_Testing │ │ ├── 00-Introduction_to_Business_Logic.md │ │ ├── 01-Test_Business_Logic_Data_Validation.md │ │ ├── 02-Test_Ability_to_Forge_Requests.md │ │ ├── 03-Test_Integrity_Checks.md │ │ ├── 04-Test_for_Process_Timing.md │ │ ├── 05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md │ │ ├── 06-Testing_for_the_Circumvention_of_Work_Flows.md │ │ ├── 07-Test_Defenses_Against_Application_Misuse.md │ │ ├── 08-Test_Upload_of_Unexpected_File_Types.md │ │ ├── 09-Test_Upload_of_Malicious_Files.md │ │ ├── README.md │ │ ├── images │ │ │ └── Control_Flow_of_Login_Form.jpg │ │ ├── index.md │ │ └── info.md │ ├── 11-Client-side_Testing │ │ ├── 01-Testing_for_DOM-based_Cross_Site_Scripting.md │ │ ├── 02-Testing_for_JavaScript_Execution.md │ │ ├── 03-Testing_for_HTML_Injection.md │ │ ├── 04-Testing_for_Client-side_URL_Redirect.md │ │ ├── 05-Testing_for_CSS_Injection.md │ │ ├── 06-Testing_for_Client-side_Resource_Manipulation.md │ │ ├── 07-Testing_Cross_Origin_Resource_Sharing.md │ │ ├── 08-Testing_for_Cross_Site_Flashing.md │ │ ├── 09-Testing_for_Clickjacking.md │ │ ├── 10-Testing_WebSockets.md │ │ ├── 11-Testing_Web_Messaging.md │ │ ├── 12-Testing_Browser_Storage.md │ │ ├── 13-Testing_for_Cross_Site_Script_Inclusion.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Clickjacking_description.png │ │ │ ├── Clickjacking_example_malicious_page_1.png │ │ │ ├── Clickjacking_example_malicious_page_2.png │ │ │ ├── Clickjacking_example_malicious_page_3.png │ │ │ ├── Clickjacking_example_step2.png │ │ │ ├── Masked_iframe.png │ │ │ ├── OWASP_ZAP_WebSockets.png │ │ │ ├── Storage-xss.png │ │ │ ├── WebSocket_Client.png │ │ │ └── XSSI1.jpeg │ │ ├── index.md │ │ └── info.md │ ├── 12-API_Testing │ │ ├── 01-Testing_GraphQL.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Playground1.png │ │ │ ├── Playground2.png │ │ │ ├── Voyager.png │ │ │ └── auth1.png │ │ ├── index.md │ │ └── info.md │ ├── README.md │ ├── index.md │ └── info.md ├── 5-Reporting │ ├── README.md │ ├── index.md │ └── info.md ├── 6-Appendix │ ├── A-Testing_Tools_Resource.md │ ├── B-Suggested_Reading.md │ ├── C-Fuzz_Vectors.md │ ├── D-Encoded_Injection.md │ ├── E-History.md │ ├── F-Leveraging_Dev_Tools.md │ ├── README.md │ ├── images │ │ ├── f_chrome_devtools_headers.png │ │ ├── f_chrome_devtools_offline.png │ │ ├── f_chrome_devtools_ua_switch.png │ │ ├── f_chrome_responsive_design_mode.png │ │ ├── f_firefox_cookie_edit.png │ │ ├── f_firefox_devtools_headers.png │ │ ├── f_firefox_devtools_offline.png │ │ ├── f_firefox_responsive_design_mode.png │ │ └── f_firefox_ua_switch.png │ ├── index.md │ └── info.md ├── README.md ├── index.md └── info.md ├── tab_downloads.md ├── tab_faq.md ├── v41 ├── 0-Foreword │ ├── README.md │ ├── index.md │ └── info.md ├── 1-Frontispiece │ ├── README.md │ ├── images │ │ ├── Owasp_logo_icon.jpg │ │ └── follow_badge.png │ ├── index.md │ └── info.md ├── 2-Introduction │ ├── README.md │ ├── images │ │ ├── 640px-UseAndMisuseCase.png │ │ ├── ProportionSDLC.png │ │ ├── ProportionTest.png │ │ ├── SDLC.jpg │ │ └── WindowExposure.png │ ├── index.md │ └── info.md ├── 3-The_OWASP_Testing_Framework │ ├── 0-The_Web_Security_Testing_Framework.md │ ├── 1-Penetration_Testing_Methodologies.md │ ├── README.md │ ├── images │ │ └── Typical_SDLC_Testing_Workflow.gif │ ├── index.md │ └── info.md ├── 4-Web_Application_Security_Testing │ ├── 00-Introduction_and_Objectives │ │ ├── README.md │ │ ├── index.md │ │ └── info.md │ ├── 01-Information_Gathering │ │ ├── 01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md │ │ ├── 02-Fingerprint_Web_Server.md │ │ ├── 03-Review_Webserver_Metafiles_for_Information_Leakage.md │ │ ├── 04-Enumerate_Applications_on_Webserver.md │ │ ├── 05-Review_Webpage_Comments_and_Metadata_for_Information_Leakage.md │ │ ├── 06-Identify_Application_Entry_Points.md │ │ ├── 07-Map_Execution_Paths_Through_Application.md │ │ ├── 08-Fingerprint_Web_Application_Framework.md │ │ ├── 09-Fingerprint_Web_Application.md │ │ ├── 10-Map_Application_Architecture.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Banshee_bottom_page.png │ │ │ ├── Cakephp_cookie.png │ │ │ ├── Drupal_botcha_disclosure.png │ │ │ ├── Google_cache_Operator_Search_Results_Example_20200406.png │ │ │ ├── Google_site_Operator_Search_Results_Example_20200406.png │ │ │ ├── Httprint.jpg │ │ │ ├── Meta_Tag_Example-Facebook-Aug_2013.png │ │ │ ├── Netcraft2.png │ │ │ ├── OWASPZAPSP.png │ │ │ ├── Owasp-Info.jpg │ │ │ ├── Owasp-wappalyzer.png │ │ │ ├── Robots-info-disclosure.png │ │ │ ├── Whatweb-sample.png │ │ │ ├── Wordpress_dirbusting.png │ │ │ └── Zk_html_source.png │ │ ├── index.md │ │ └── info.md │ ├── 02-Configuration_and_Deployment_Management_Testing │ │ ├── 01-Test_Network_Infrastructure_Configuration.md │ │ ├── 02-Test_Application_Platform_Configuration.md │ │ ├── 03-Test_File_Extensions_Handling_for_Sensitive_Information.md │ │ ├── 04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md │ │ ├── 05-Enumerate_Infrastructure_and_Application_Admin_Interfaces.md │ │ ├── 06-Test_HTTP_Methods.md │ │ ├── 07-Test_HTTP_Strict_Transport_Security.md │ │ ├── 08-Test_RIA_Cross_Domain_Policy.md │ │ ├── 09-Test_File_Permission.md │ │ ├── 10-Test_for_Subdomain_Takeover.md │ │ ├── 11-Test_Cloud_Storage.md │ │ ├── README.md │ │ ├── images │ │ │ ├── subdomain_takeover_ex1.jpeg │ │ │ └── subdomain_takeover_ex2.jpeg │ │ ├── index.md │ │ └── info.md │ ├── 03-Identity_Management_Testing │ │ ├── 01-Test_Role_Definitions.md │ │ ├── 02-Test_User_Registration_Process.md │ │ ├── 03-Test_Account_Provisioning_Process.md │ │ ├── 04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md │ │ ├── 05-Testing_for_Weak_or_Unenforced_Username_Policy.md │ │ ├── README.md │ │ ├── images │ │ │ ├── AuthenticationFailed.png │ │ │ ├── Google_registration_page.jpg │ │ │ ├── NoConfFound.jpg │ │ │ ├── Userisnotactive.png │ │ │ ├── Wordpress_authandusers.png │ │ │ ├── Wordpress_registration_page.jpg │ │ │ └── Wordpress_useradd.png │ │ ├── index.md │ │ └── info.md │ ├── 04-Authentication_Testing │ │ ├── 01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md │ │ ├── 02-Testing_for_Default_Credentials.md │ │ ├── 03-Testing_for_Weak_Lock_Out_Mechanism.md │ │ ├── 04-Testing_for_Bypassing_Authentication_Schema.md │ │ ├── 05-Testing_for_Vulnerable_Remember_Password.md │ │ ├── 06-Testing_for_Browser_Cache_Weaknesses.md │ │ ├── 07-Testing_for_Weak_Password_Policy.md │ │ ├── 08-Testing_for_Weak_Security_Question_Answer.md │ │ ├── 09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md │ │ ├── 10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Basm-directreq.jpg │ │ │ ├── Basm-parammod.jpg │ │ │ ├── Basm-sessid.jpg │ │ │ ├── Basm-sessid2.jpg │ │ │ ├── Basm-sqlinj.jpg │ │ │ └── Basm-sqlinj2.gif │ │ ├── index.md │ │ └── info.md │ ├── 05-Authorization_Testing │ │ ├── 01-Testing_Directory_Traversal_File_Include.md │ │ ├── 02-Testing_for_Bypassing_Authorization_Schema.md │ │ ├── 03-Testing_for_Privilege_Escalation.md │ │ ├── 04-Testing_for_Insecure_Direct_Object_References.md │ │ ├── README.md │ │ ├── index.md │ │ └── info.md │ ├── 06-Session_Management_Testing │ │ ├── 01-Testing_for_Session_Management_Schema.md │ │ ├── 02-Testing_for_Cookies_Attributes.md │ │ ├── 03-Testing_for_Session_Fixation.md │ │ ├── 04-Testing_for_Exposed_Session_Variables.md │ │ ├── 05-Testing_for_Cross_Site_Request_Forgery.md │ │ ├── 06-Testing_for_Logout_Functionality.md │ │ ├── 07-Testing_Session_Timeout.md │ │ ├── 08-Testing_for_Session_Puzzling.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Session_Riding_Firewall_Management.gif │ │ │ ├── Session_Riding_Firewall_Management_2.gif │ │ │ └── Session_riding.GIF │ │ ├── index.md │ │ └── info.md │ ├── 07-Input_Validation_Testing │ │ ├── 01-Testing_for_Reflected_Cross_Site_Scripting.md │ │ ├── 02-Testing_for_Stored_Cross_Site_Scripting.md │ │ ├── 03-Testing_for_HTTP_Verb_Tampering.md │ │ ├── 04-Testing_for_HTTP_Parameter_Pollution.md │ │ ├── 05-Testing_for_SQL_Injection.md │ │ ├── 05.1-Testing_for_Oracle.md │ │ ├── 05.2-Testing_for_MySQL.md │ │ ├── 05.3-Testing_for_SQL_Server.md │ │ ├── 05.4-Testing_PostgreSQL.md │ │ ├── 05.5-Testing_for_MS_Access.md │ │ ├── 05.6-Testing_for_NoSQL_Injection.md │ │ ├── 05.7-Testing_for_ORM_Injection.md │ │ ├── 05.8-Testing_for_Client_Side.md │ │ ├── 06-Testing_for_LDAP_Injection.md │ │ ├── 07-Testing_for_XML_Injection.md │ │ ├── 08-Testing_for_SSI_Injection.md │ │ ├── 09-Testing_for_XPath_Injection.md │ │ ├── 10-Testing_for_IMAP_SMTP_Injection.md │ │ ├── 11-Testing_for_Code_Injection.md │ │ ├── 11.1-Testing_for_Local_File_Inclusion.md │ │ ├── 11.2-Testing_for_Remote_File_Inclusion.md │ │ ├── 12-Testing_for_Command_Injection.md │ │ ├── 13-Testing_for_Buffer_Overflow.md │ │ ├── 13.1-Testing_for_Heap_Overflow.md │ │ ├── 13.2-Testing_for_Stack_Overflow.md │ │ ├── 13.3-Testing_for_Format_String.md │ │ ├── 14-Testing_for_Incubated_Vulnerability.md │ │ ├── 15-Testing_for_HTTP_Splitting_Smuggling.md │ │ ├── 16-Testing_for_HTTP_Incoming_Requests.md │ │ ├── 17-Testing_for_Host_Header_Injection.md │ │ ├── 18-Testing_for_Server_Side_Template_Injection.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Alert.png │ │ │ ├── Heap_overflow_vulnerability.gif │ │ │ ├── Imap-smtp-injection.png │ │ │ ├── OPTIONS_verb_tampering.png │ │ │ ├── RubyBeef.png │ │ │ ├── SSTI_XVWA.jpeg │ │ │ ├── Stack_overflow_vulnerability.gif │ │ │ ├── Stack_overflow_vulnerability_2.gif │ │ │ ├── Stored_input_example.jpg │ │ │ ├── Stored_xss_example.jpg │ │ │ ├── XSS_Example1.png │ │ │ └── XSS_Example2.png │ │ ├── index.md │ │ └── info.md │ ├── 08-Testing_for_Error_Handling │ │ ├── 01-Testing_for_Error_Code.md │ │ ├── 02-Testing_for_Stack_Traces.md │ │ ├── README.md │ │ ├── index.md │ │ └── info.md │ ├── 09-Testing_for_Weak_Cryptography │ │ ├── 01-Testing_for_Weak_SSL_TLS_Ciphers_Insufficient_Transport_Layer_Protection.md │ │ ├── 02-Testing_for_Padding_Oracle.md │ │ ├── 03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md │ │ ├── 04-Testing_for_Weak_Encryption.md │ │ ├── README.md │ │ ├── images │ │ │ ├── SSL_Certificate_Validity_Testing_Firefox_Warning.gif │ │ │ └── SSL_Certificate_Validity_Testing_IE_Warning.gif │ │ ├── index.md │ │ └── info.md │ ├── 10-Business_Logic_Testing │ │ ├── 00-Introduction_to_Business_Logic.md │ │ ├── 01-Test_Business_Logic_Data_Validation.md │ │ ├── 02-Test_Ability_to_Forge_Requests.md │ │ ├── 03-Test_Integrity_Checks.md │ │ ├── 04-Test_for_Process_Timing.md │ │ ├── 05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md │ │ ├── 06-Testing_for_the_Circumvention_of_Work_Flows.md │ │ ├── 07-Test_Defenses_Against_Application_Misuse.md │ │ ├── 08-Test_Upload_of_Unexpected_File_Types.md │ │ ├── 09-Test_Upload_of_Malicious_Files.md │ │ ├── README.md │ │ ├── index.md │ │ └── info.md │ ├── 11-Client_Side_Testing │ │ ├── 01-Testing_for_DOM-based_Cross_Site_Scripting.md │ │ ├── 02-Testing_for_JavaScript_Execution.md │ │ ├── 03-Testing_for_HTML_Injection.md │ │ ├── 04-Testing_for_Client_Side_URL_Redirect.md │ │ ├── 05-Testing_for_CSS_Injection.md │ │ ├── 06-Testing_for_Client_Side_Resource_Manipulation.md │ │ ├── 07-Testing_Cross_Origin_Resource_Sharing.md │ │ ├── 08-Testing_for_Cross_Site_Flashing.md │ │ ├── 09-Testing_for_Clickjacking.md │ │ ├── 10-Testing_WebSockets.md │ │ ├── 11-Testing_Web_Messaging.md │ │ ├── 12-Testing_Browser_Storage.md │ │ ├── 13-Testing_for_Cross_Site_Script_Inclusion.md │ │ ├── README.md │ │ ├── images │ │ │ ├── Clickjacking_description.png │ │ │ ├── Clickjacking_example_malicious_page_1.png │ │ │ ├── Clickjacking_example_malicious_page_2.png │ │ │ ├── Clickjacking_example_malicious_page_3.png │ │ │ ├── Clickjacking_example_step2.png │ │ │ ├── Masked_iframe.png │ │ │ ├── OWASP_ZAP_WebSockets.png │ │ │ ├── Storage-xss.png │ │ │ ├── WebSocket_Client.png │ │ │ └── XSSI1.jpeg │ │ ├── index.md │ │ └── info.md │ ├── README.md │ ├── index.md │ └── info.md ├── 5-Reporting │ ├── README.md │ ├── index.md │ └── info.md ├── 6-Appendix │ ├── A-Testing_Tools_Resource.md │ ├── B-Suggested_Reading.md │ ├── C-Fuzz_Vectors.md │ ├── D-Encoded_Injection.md │ ├── E-History.md │ ├── README.md │ ├── index.md │ └── info.md ├── README.md ├── index.md └── info.md └── v42 ├── 0-Foreword ├── README.md ├── index.md └── info.md ├── 1-Frontispiece ├── README.md ├── images │ ├── Owasp_logo_icon.jpg │ └── follow_badge.png ├── index.md └── info.md ├── 2-Introduction ├── README.md ├── images │ ├── 640px-UseAndMisuseCase.png │ ├── ProportionSDLC.png │ ├── ProportionTest.png │ ├── SDLC.jpg │ └── WindowExposure.png ├── index.md └── info.md ├── 3-The_OWASP_Testing_Framework ├── 0-The_Web_Security_Testing_Framework.md ├── 1-Penetration_Testing_Methodologies.md ├── README.md ├── images │ └── Typical_SDLC_Testing_Workflow.gif ├── index.md └── info.md ├── 4-Web_Application_Security_Testing ├── 00-Introduction_and_Objectives │ ├── README.md │ ├── index.md │ └── info.md ├── 01-Information_Gathering │ ├── 01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage.md │ ├── 02-Fingerprint_Web_Server.md │ ├── 03-Review_Webserver_Metafiles_for_Information_Leakage.md │ ├── 04-Enumerate_Applications_on_Webserver.md │ ├── 05-Review_Webpage_Content_for_Information_Leakage.md │ ├── 06-Identify_Application_Entry_Points.md │ ├── 07-Map_Execution_Paths_Through_Application.md │ ├── 08-Fingerprint_Web_Application_Framework.md │ ├── 09-Fingerprint_Web_Application.md │ ├── 10-Map_Application_Architecture.md │ ├── README.md │ ├── images │ │ ├── 10_mod_security.jpg │ │ ├── Banshee_bottom_page.png │ │ ├── Cakephp_cookie.png │ │ ├── Drupal_botcha_disclosure.png │ │ ├── Google_cache_Operator_Search_Results_Example_20200406.png │ │ ├── Google_site_Operator_Search_Results_Example_20200406.png │ │ ├── Httprint.jpg │ │ ├── Netcraft2.png │ │ ├── OWASPZAPSP.png │ │ ├── Owasp-Info.jpg │ │ ├── Owasp-wappalyzer.png │ │ ├── Robots-info-disclosure.png │ │ ├── Whatweb-sample.png │ │ ├── Wordpress_dirbusting.png │ │ ├── Zk_html_source.png │ │ └── wp-syntaxerror.png │ ├── index.md │ └── info.md ├── 02-Configuration_and_Deployment_Management_Testing │ ├── 01-Test_Network_Infrastructure_Configuration.md │ ├── 02-Test_Application_Platform_Configuration.md │ ├── 03-Test_File_Extensions_Handling_for_Sensitive_Information.md │ ├── 04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information.md │ ├── 05-Enumerate_Infrastructure_and_Application_Admin_Interfaces.md │ ├── 06-Test_HTTP_Methods.md │ ├── 07-Test_HTTP_Strict_Transport_Security.md │ ├── 08-Test_RIA_Cross_Domain_Policy.md │ ├── 09-Test_File_Permission.md │ ├── 10-Test_for_Subdomain_Takeover.md │ ├── 11-Test_Cloud_Storage.md │ ├── README.md │ ├── images │ │ ├── subdomain_takeover_ex1.jpeg │ │ └── subdomain_takeover_ex2.jpeg │ ├── index.md │ └── info.md ├── 03-Identity_Management_Testing │ ├── 01-Test_Role_Definitions.md │ ├── 02-Test_User_Registration_Process.md │ ├── 03-Test_Account_Provisioning_Process.md │ ├── 04-Testing_for_Account_Enumeration_and_Guessable_User_Account.md │ ├── 05-Testing_for_Weak_or_Unenforced_Username_Policy.md │ ├── README.md │ ├── images │ │ ├── AuthenticationFailed.png │ │ ├── Google_registration_page.jpg │ │ ├── Userisnotactive.png │ │ ├── Wordpress_authandusers.png │ │ ├── Wordpress_registration_page.jpg │ │ └── Wordpress_useradd.png │ ├── index.md │ └── info.md ├── 04-Authentication_Testing │ ├── 01-Testing_for_Credentials_Transported_over_an_Encrypted_Channel.md │ ├── 02-Testing_for_Default_Credentials.md │ ├── 03-Testing_for_Weak_Lock_Out_Mechanism.md │ ├── 04-Testing_for_Bypassing_Authentication_Schema.md │ ├── 05-Testing_for_Vulnerable_Remember_Password.md │ ├── 06-Testing_for_Browser_Cache_Weaknesses.md │ ├── 07-Testing_for_Weak_Password_Policy.md │ ├── 08-Testing_for_Weak_Security_Question_Answer.md │ ├── 09-Testing_for_Weak_Password_Change_or_Reset_Functionalities.md │ ├── 10-Testing_for_Weaker_Authentication_in_Alternative_Channel.md │ ├── README.md │ ├── images │ │ ├── Basm-directreq.jpg │ │ ├── Basm-parammod.jpg │ │ ├── Basm-sessid.jpg │ │ ├── Basm-sessid2.jpg │ │ ├── Basm-sqlinj.jpg │ │ └── Basm-sqlinj2.gif │ ├── index.md │ └── info.md ├── 05-Authorization_Testing │ ├── 01-Testing_Directory_Traversal_File_Include.md │ ├── 02-Testing_for_Bypassing_Authorization_Schema.md │ ├── 03-Testing_for_Privilege_Escalation.md │ ├── 04-Testing_for_Insecure_Direct_Object_References.md │ ├── README.md │ ├── index.md │ └── info.md ├── 06-Session_Management_Testing │ ├── 01-Testing_for_Session_Management_Schema.md │ ├── 02-Testing_for_Cookies_Attributes.md │ ├── 03-Testing_for_Session_Fixation.md │ ├── 04-Testing_for_Exposed_Session_Variables.md │ ├── 05-Testing_for_Cross_Site_Request_Forgery.md │ ├── 06-Testing_for_Logout_Functionality.md │ ├── 07-Testing_Session_Timeout.md │ ├── 08-Testing_for_Session_Puzzling.md │ ├── 09-Testing_for_Session_Hijacking.md │ ├── README.md │ ├── images │ │ ├── Session_Riding_Firewall_Management.gif │ │ ├── Session_Riding_Firewall_Management_2.gif │ │ └── Session_riding.GIF │ ├── index.md │ └── info.md ├── 07-Input_Validation_Testing │ ├── 01-Testing_for_Reflected_Cross_Site_Scripting.md │ ├── 02-Testing_for_Stored_Cross_Site_Scripting.md │ ├── 03-Testing_for_HTTP_Verb_Tampering.md │ ├── 04-Testing_for_HTTP_Parameter_Pollution.md │ ├── 05-Testing_for_SQL_Injection.md │ ├── 05.1-Testing_for_Oracle.md │ ├── 05.2-Testing_for_MySQL.md │ ├── 05.3-Testing_for_SQL_Server.md │ ├── 05.4-Testing_PostgreSQL.md │ ├── 05.5-Testing_for_MS_Access.md │ ├── 05.6-Testing_for_NoSQL_Injection.md │ ├── 05.7-Testing_for_ORM_Injection.md │ ├── 05.8-Testing_for_Client-side.md │ ├── 06-Testing_for_LDAP_Injection.md │ ├── 07-Testing_for_XML_Injection.md │ ├── 08-Testing_for_SSI_Injection.md │ ├── 09-Testing_for_XPath_Injection.md │ ├── 10-Testing_for_IMAP_SMTP_Injection.md │ ├── 11-Testing_for_Code_Injection.md │ ├── 11.1-Testing_for_Local_File_Inclusion.md │ ├── 11.2-Testing_for_Remote_File_Inclusion.md │ ├── 12-Testing_for_Command_Injection.md │ ├── 13-Testing_for_Buffer_Overflow.md │ ├── 13-Testing_for_Format_String_Injection.md │ ├── 14-Testing_for_Incubated_Vulnerability.md │ ├── 15-Testing_for_HTTP_Splitting_Smuggling.md │ ├── 16-Testing_for_HTTP_Incoming_Requests.md │ ├── 17-Testing_for_Host_Header_Injection.md │ ├── 18-Testing_for_Server-side_Template_Injection.md │ ├── 19-Testing_for_Server-Side_Request_Forgery.md │ ├── README.md │ ├── images │ │ ├── Alert.png │ │ ├── Imap-smtp-injection.png │ │ ├── OPTIONS_verb_tampering.png │ │ ├── RubyBeef.png │ │ ├── SSTI_XVWA.jpeg │ │ ├── Stored_input_example.jpg │ │ ├── Stored_xss_example.jpg │ │ ├── XSS_Example1.png │ │ └── XSS_Example2.png │ ├── index.md │ └── info.md ├── 08-Testing_for_Error_Handling │ ├── 01-Testing_For_Improper_Error_Handling.md │ ├── 02-Testing_for_Stack_Traces.md │ ├── README.md │ ├── index.md │ └── info.md ├── 09-Testing_for_Weak_Cryptography │ ├── 01-Testing_for_Weak_Transport_Layer_Security.md │ ├── 02-Testing_for_Padding_Oracle.md │ ├── 03-Testing_for_Sensitive_Information_Sent_via_Unencrypted_Channels.md │ ├── 04-Testing_for_Weak_Encryption.md │ ├── README.md │ ├── images │ │ ├── SSL_Certificate_Validity_Testing_Firefox_Warning.gif │ │ └── SSL_Certificate_Validity_Testing_IE_Warning.gif │ ├── index.md │ └── info.md ├── 10-Business_Logic_Testing │ ├── 00-Introduction_to_Business_Logic.md │ ├── 01-Test_Business_Logic_Data_Validation.md │ ├── 02-Test_Ability_to_Forge_Requests.md │ ├── 03-Test_Integrity_Checks.md │ ├── 04-Test_for_Process_Timing.md │ ├── 05-Test_Number_of_Times_a_Function_Can_Be_Used_Limits.md │ ├── 06-Testing_for_the_Circumvention_of_Work_Flows.md │ ├── 07-Test_Defenses_Against_Application_Misuse.md │ ├── 08-Test_Upload_of_Unexpected_File_Types.md │ ├── 09-Test_Upload_of_Malicious_Files.md │ ├── README.md │ ├── images │ │ └── Control_Flow_of_Login_Form.jpg │ ├── index.md │ └── info.md ├── 11-Client-side_Testing │ ├── 01-Testing_for_DOM-based_Cross_Site_Scripting.md │ ├── 02-Testing_for_JavaScript_Execution.md │ ├── 03-Testing_for_HTML_Injection.md │ ├── 04-Testing_for_Client-side_URL_Redirect.md │ ├── 05-Testing_for_CSS_Injection.md │ ├── 06-Testing_for_Client-side_Resource_Manipulation.md │ ├── 07-Testing_Cross_Origin_Resource_Sharing.md │ ├── 08-Testing_for_Cross_Site_Flashing.md │ ├── 09-Testing_for_Clickjacking.md │ ├── 10-Testing_WebSockets.md │ ├── 11-Testing_Web_Messaging.md │ ├── 12-Testing_Browser_Storage.md │ ├── 13-Testing_for_Cross_Site_Script_Inclusion.md │ ├── README.md │ ├── images │ │ ├── Clickjacking_description.png │ │ ├── Clickjacking_example_malicious_page_1.png │ │ ├── Clickjacking_example_malicious_page_2.png │ │ ├── Clickjacking_example_malicious_page_3.png │ │ ├── Clickjacking_example_step2.png │ │ ├── Masked_iframe.png │ │ ├── OWASP_ZAP_WebSockets.png │ │ ├── Storage-xss.png │ │ ├── WebSocket_Client.png │ │ └── XSSI1.jpeg │ ├── index.md │ └── info.md ├── 12-API_Testing │ ├── 01-Testing_GraphQL.md │ ├── README.md │ ├── images │ │ ├── Playground1.png │ │ ├── Playground2.png │ │ ├── Voyager.png │ │ └── auth1.png │ ├── index.md │ └── info.md ├── README.md ├── index.md └── info.md ├── 5-Reporting ├── README.md ├── index.md └── info.md ├── 6-Appendix ├── A-Testing_Tools_Resource.md ├── B-Suggested_Reading.md ├── C-Fuzz_Vectors.md ├── D-Encoded_Injection.md ├── E-History.md ├── F-Leveraging_Dev_Tools.md ├── README.md ├── images │ ├── f_chrome_devtools_headers.png │ ├── f_chrome_devtools_offline.png │ ├── f_chrome_devtools_ua_switch.png │ ├── f_chrome_responsive_design_mode.png │ ├── f_firefox_cookie_edit.png │ ├── f_firefox_devtools_headers.png │ ├── f_firefox_devtools_offline.png │ ├── f_firefox_responsive_design_mode.png │ └── f_firefox_ua_switch.png ├── index.md └── info.md ├── README.md ├── index.md └── info.md /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/.gitattributes -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/.github/FUNDING.yml -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/.github/pull_request_template.md -------------------------------------------------------------------------------- /.github/workflows/pr_comment.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/.github/workflows/pr_comment.yml -------------------------------------------------------------------------------- /.github/workflows/validate-owasp-metadata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/.github/workflows/validate-owasp-metadata.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/.gitignore -------------------------------------------------------------------------------- /404.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/404.html -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/Gemfile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/README.md -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/_config.yml -------------------------------------------------------------------------------- /_data/latest.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/_data/latest.yaml -------------------------------------------------------------------------------- /_data/ow_attributions.json: -------------------------------------------------------------------------------- 1 | ["Patrick Tilley", "\u738b\u6893\u715c"] -------------------------------------------------------------------------------- /_data/stable.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/_data/stable.yaml -------------------------------------------------------------------------------- /_data/v41.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/_data/v41.yaml -------------------------------------------------------------------------------- /_data/v42.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/_data/v42.yaml -------------------------------------------------------------------------------- /_includes/banner.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/_includes/banner.html -------------------------------------------------------------------------------- /_includes/breadcrumb.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/_includes/breadcrumb.html -------------------------------------------------------------------------------- /_includes/navigation.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/_includes/navigation.html -------------------------------------------------------------------------------- /assets/archive/182px-OWTGv4_Cover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/182px-OWTGv4_Cover.png -------------------------------------------------------------------------------- /assets/archive/455px-OWTGv4_Cover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/455px-OWTGv4_Cover.png -------------------------------------------------------------------------------- /assets/archive/OWASP_EU_Summit_2008_OWASP_Testing_Guide_v3.ppt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWASP_EU_Summit_2008_OWASP_Testing_Guide_v3.ppt -------------------------------------------------------------------------------- /assets/archive/OWASP_Testing_Guide_Presentation.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWASP_Testing_Guide_Presentation.zip -------------------------------------------------------------------------------- /assets/archive/OWASP_Testing_Guide_Presentation_EUSecWest07.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWASP_Testing_Guide_Presentation_EUSecWest07.zip -------------------------------------------------------------------------------- /assets/archive/OWASP_Testing_Guide_v1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWASP_Testing_Guide_v1.pdf -------------------------------------------------------------------------------- /assets/archive/OWASP_Testing_Guide_v2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWASP_Testing_Guide_v2.pdf -------------------------------------------------------------------------------- /assets/archive/OWASP_Testing_Guide_v2_doc.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWASP_Testing_Guide_v2_doc.zip -------------------------------------------------------------------------------- /assets/archive/OWASP_Testing_Guide_v2_spanish_doc.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWASP_Testing_Guide_v2_spanish_doc.zip -------------------------------------------------------------------------------- /assets/archive/OWASP_Testing_Guide_v3.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWASP_Testing_Guide_v3.pdf -------------------------------------------------------------------------------- /assets/archive/OWASP_Testing_Guide_v4.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWASP_Testing_Guide_v4.pdf -------------------------------------------------------------------------------- /assets/archive/OWASP_Web_Application_Penetration_Checklist_v1_1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWASP_Web_Application_Penetration_Checklist_v1_1.pdf -------------------------------------------------------------------------------- /assets/archive/OWTGv4_Cover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/archive/OWTGv4_Cover.png -------------------------------------------------------------------------------- /assets/images/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/assets/images/README.md -------------------------------------------------------------------------------- /index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/index.md -------------------------------------------------------------------------------- /info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/info.md -------------------------------------------------------------------------------- /latest/0-Foreword/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/0-Foreword/README.md -------------------------------------------------------------------------------- /latest/0-Foreword/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/0-Foreword/index.md -------------------------------------------------------------------------------- /latest/0-Foreword/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/0-Foreword/info.md -------------------------------------------------------------------------------- /latest/1-Frontispiece/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/1-Frontispiece/README.md -------------------------------------------------------------------------------- /latest/1-Frontispiece/images/Owasp_logo_icon.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/1-Frontispiece/images/Owasp_logo_icon.jpg -------------------------------------------------------------------------------- /latest/1-Frontispiece/images/follow_badge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/1-Frontispiece/images/follow_badge.png -------------------------------------------------------------------------------- /latest/1-Frontispiece/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/1-Frontispiece/index.md -------------------------------------------------------------------------------- /latest/1-Frontispiece/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/1-Frontispiece/info.md -------------------------------------------------------------------------------- /latest/2-Introduction/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/2-Introduction/README.md -------------------------------------------------------------------------------- /latest/2-Introduction/images/640px-UseAndMisuseCase.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/2-Introduction/images/640px-UseAndMisuseCase.png -------------------------------------------------------------------------------- /latest/2-Introduction/images/ProportionSDLC.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/2-Introduction/images/ProportionSDLC.png -------------------------------------------------------------------------------- /latest/2-Introduction/images/ProportionTest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/2-Introduction/images/ProportionTest.png -------------------------------------------------------------------------------- /latest/2-Introduction/images/SDLC.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/2-Introduction/images/SDLC.jpg -------------------------------------------------------------------------------- /latest/2-Introduction/images/WindowExposure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/2-Introduction/images/WindowExposure.png -------------------------------------------------------------------------------- /latest/2-Introduction/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/2-Introduction/index.md -------------------------------------------------------------------------------- /latest/2-Introduction/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/2-Introduction/info.md -------------------------------------------------------------------------------- /latest/3-The_OWASP_Testing_Framework/0-The_Web_Security_Testing_Framework.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/3-The_OWASP_Testing_Framework/0-The_Web_Security_Testing_Framework.md -------------------------------------------------------------------------------- /latest/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md -------------------------------------------------------------------------------- /latest/3-The_OWASP_Testing_Framework/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/3-The_OWASP_Testing_Framework/README.md -------------------------------------------------------------------------------- /latest/3-The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/3-The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif -------------------------------------------------------------------------------- /latest/3-The_OWASP_Testing_Framework/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/3-The_OWASP_Testing_Framework/index.md -------------------------------------------------------------------------------- /latest/3-The_OWASP_Testing_Framework/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/3-The_OWASP_Testing_Framework/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Banshee_bottom_page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Banshee_bottom_page.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Cakephp_cookie.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Cakephp_cookie.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Httprint.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Httprint.jpg -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Netcraft2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Netcraft2.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/OWASPZAPSP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/OWASPZAPSP.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-wappalyzer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-wappalyzer.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Robots-info-disclosure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Robots-info-disclosure.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Whatweb-sample.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Whatweb-sample.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Wordpress_dirbusting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Wordpress_dirbusting.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Zk_html_source.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/Zk_html_source.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/wp-syntaxerror.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/images/wp-syntaxerror.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/01-Information_Gathering/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/01-Information_Gathering/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Userisnotactive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Userisnotactive.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_useradd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_useradd.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-parammod.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-parammod.jpg -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid.jpg -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid2.jpg -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj.jpg -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj2.gif -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/04-Authentication_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/04-Authentication_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/05-Authorization_Testing/05-Testing_for_OAuth_Weaknesses.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/05-Testing_for_OAuth_Weaknesses.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/05-Authorization_Testing/images/Basm-directreq.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/images/Basm-directreq.jpg -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/05-Authorization_Testing/images/token-injection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/images/token-injection.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/05-Authorization_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/05-Authorization_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/10-Testing_JSON_Web_Tokens.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/10-Testing_JSON_Web_Tokens.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_riding.GIF: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_riding.GIF -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client-side.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client-side.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Imap-smtp-injection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Imap-smtp-injection.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/RubyBeef.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/RubyBeef.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/SSTI_XVWA.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/SSTI_XVWA.jpeg -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_input_example.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_input_example.jpg -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/10-Test-Payment-Functionality.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/10-Test-Payment-Functionality.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/05-Testing_for_CSS_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/05-Testing_for_CSS_Injection.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/11-Testing_Web_Messaging.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/11-Testing_Web_Messaging.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/12-Testing_Browser_Storage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/12-Testing_Browser_Storage.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/14-Testing_for_Reverse_Tabnabbing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/14-Testing_for_Reverse_Tabnabbing.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Clickjacking_description.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Clickjacking_description.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Masked_iframe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Masked_iframe.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/OWASP_ZAP_WebSockets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/OWASP_ZAP_WebSockets.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Storage-xss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Storage-xss.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/WebSocket_Client.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/WebSocket_Client.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/XSSI1.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/images/XSSI1.jpeg -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/11-Client-side_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/00-API_Testing_Overview.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/00-API_Testing_Overview.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/01-API_Reconnaissance.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/01-API_Reconnaissance.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/02-API_Broken_Object_Level_Authorization.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/02-API_Broken_Object_Level_Authorization.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/99-Testing_GraphQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/99-Testing_GraphQL.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/images/Playground1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/images/Playground1.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/images/Playground2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/images/Playground2.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/images/Voyager.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/images/Voyager.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/images/auth1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/images/auth1.png -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/12-API_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/12-API_Testing/info.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/README.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/index.md -------------------------------------------------------------------------------- /latest/4-Web_Application_Security_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/4-Web_Application_Security_Testing/info.md -------------------------------------------------------------------------------- /latest/5-Reporting/01-Reporting_Structure.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/5-Reporting/01-Reporting_Structure.md -------------------------------------------------------------------------------- /latest/5-Reporting/02-Naming_Schemes.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/5-Reporting/02-Naming_Schemes.md -------------------------------------------------------------------------------- /latest/5-Reporting/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/5-Reporting/README.md -------------------------------------------------------------------------------- /latest/5-Reporting/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/5-Reporting/index.md -------------------------------------------------------------------------------- /latest/5-Reporting/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/5-Reporting/info.md -------------------------------------------------------------------------------- /latest/6-Appendix/A-Testing_Tools_Resource.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/A-Testing_Tools_Resource.md -------------------------------------------------------------------------------- /latest/6-Appendix/B-Suggested_Reading.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/B-Suggested_Reading.md -------------------------------------------------------------------------------- /latest/6-Appendix/C-Fuzzing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/C-Fuzzing.md -------------------------------------------------------------------------------- /latest/6-Appendix/D-Encoded_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/D-Encoded_Injection.md -------------------------------------------------------------------------------- /latest/6-Appendix/E-History.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/E-History.md -------------------------------------------------------------------------------- /latest/6-Appendix/F-Leveraging_Dev_Tools.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/F-Leveraging_Dev_Tools.md -------------------------------------------------------------------------------- /latest/6-Appendix/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/README.md -------------------------------------------------------------------------------- /latest/6-Appendix/images/f_chrome_devtools_headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/images/f_chrome_devtools_headers.png -------------------------------------------------------------------------------- /latest/6-Appendix/images/f_chrome_devtools_offline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/images/f_chrome_devtools_offline.png -------------------------------------------------------------------------------- /latest/6-Appendix/images/f_chrome_devtools_ua_switch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/images/f_chrome_devtools_ua_switch.png -------------------------------------------------------------------------------- /latest/6-Appendix/images/f_chrome_responsive_design_mode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/images/f_chrome_responsive_design_mode.png -------------------------------------------------------------------------------- /latest/6-Appendix/images/f_firefox_cookie_edit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/images/f_firefox_cookie_edit.png -------------------------------------------------------------------------------- /latest/6-Appendix/images/f_firefox_devtools_headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/images/f_firefox_devtools_headers.png -------------------------------------------------------------------------------- /latest/6-Appendix/images/f_firefox_devtools_offline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/images/f_firefox_devtools_offline.png -------------------------------------------------------------------------------- /latest/6-Appendix/images/f_firefox_responsive_design_mode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/images/f_firefox_responsive_design_mode.png -------------------------------------------------------------------------------- /latest/6-Appendix/images/f_firefox_ua_switch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/images/f_firefox_ua_switch.png -------------------------------------------------------------------------------- /latest/6-Appendix/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/index.md -------------------------------------------------------------------------------- /latest/6-Appendix/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/6-Appendix/info.md -------------------------------------------------------------------------------- /latest/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/README.md -------------------------------------------------------------------------------- /latest/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/index.md -------------------------------------------------------------------------------- /latest/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/latest/info.md -------------------------------------------------------------------------------- /leaders.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/leaders.md -------------------------------------------------------------------------------- /project.owasp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/project.owasp.yaml -------------------------------------------------------------------------------- /stable/0-Foreword/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/0-Foreword/README.md -------------------------------------------------------------------------------- /stable/0-Foreword/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/0-Foreword/index.md -------------------------------------------------------------------------------- /stable/0-Foreword/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/0-Foreword/info.md -------------------------------------------------------------------------------- /stable/1-Frontispiece/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/1-Frontispiece/README.md -------------------------------------------------------------------------------- /stable/1-Frontispiece/images/Owasp_logo_icon.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/1-Frontispiece/images/Owasp_logo_icon.jpg -------------------------------------------------------------------------------- /stable/1-Frontispiece/images/follow_badge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/1-Frontispiece/images/follow_badge.png -------------------------------------------------------------------------------- /stable/1-Frontispiece/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/1-Frontispiece/index.md -------------------------------------------------------------------------------- /stable/1-Frontispiece/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/1-Frontispiece/info.md -------------------------------------------------------------------------------- /stable/2-Introduction/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/2-Introduction/README.md -------------------------------------------------------------------------------- /stable/2-Introduction/images/640px-UseAndMisuseCase.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/2-Introduction/images/640px-UseAndMisuseCase.png -------------------------------------------------------------------------------- /stable/2-Introduction/images/ProportionSDLC.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/2-Introduction/images/ProportionSDLC.png -------------------------------------------------------------------------------- /stable/2-Introduction/images/ProportionTest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/2-Introduction/images/ProportionTest.png -------------------------------------------------------------------------------- /stable/2-Introduction/images/SDLC.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/2-Introduction/images/SDLC.jpg -------------------------------------------------------------------------------- /stable/2-Introduction/images/WindowExposure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/2-Introduction/images/WindowExposure.png -------------------------------------------------------------------------------- /stable/2-Introduction/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/2-Introduction/index.md -------------------------------------------------------------------------------- /stable/2-Introduction/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/2-Introduction/info.md -------------------------------------------------------------------------------- /stable/3-The_OWASP_Testing_Framework/0-The_Web_Security_Testing_Framework.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/3-The_OWASP_Testing_Framework/0-The_Web_Security_Testing_Framework.md -------------------------------------------------------------------------------- /stable/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md -------------------------------------------------------------------------------- /stable/3-The_OWASP_Testing_Framework/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/3-The_OWASP_Testing_Framework/README.md -------------------------------------------------------------------------------- /stable/3-The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/3-The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif -------------------------------------------------------------------------------- /stable/3-The_OWASP_Testing_Framework/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/3-The_OWASP_Testing_Framework/index.md -------------------------------------------------------------------------------- /stable/3-The_OWASP_Testing_Framework/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/3-The_OWASP_Testing_Framework/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/10_mod_security.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/10_mod_security.jpg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Banshee_bottom_page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Banshee_bottom_page.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Cakephp_cookie.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Cakephp_cookie.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Httprint.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Httprint.jpg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Netcraft2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Netcraft2.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/OWASPZAPSP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/OWASPZAPSP.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-Info.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-Info.jpg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-wappalyzer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-wappalyzer.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Robots-info-disclosure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Robots-info-disclosure.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Whatweb-sample.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Whatweb-sample.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Wordpress_dirbusting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Wordpress_dirbusting.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Zk_html_source.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/Zk_html_source.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/wp-syntaxerror.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/images/wp-syntaxerror.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/01-Information_Gathering/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/01-Information_Gathering/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Userisnotactive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Userisnotactive.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_useradd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_useradd.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/03-Identity_Management_Testing/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-directreq.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-directreq.jpg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-parammod.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-parammod.jpg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid.jpg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid2.jpg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj.jpg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj2.gif -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/04-Authentication_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/04-Authentication_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/05-Authorization_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/05-Authorization_Testing/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/05-Authorization_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/05-Authorization_Testing/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_riding.GIF: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_riding.GIF -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/RubyBeef.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/RubyBeef.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/SSTI_XVWA.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/SSTI_XVWA.jpeg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/07-Input_Validation_Testing/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/10-Business_Logic_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/10-Business_Logic_Testing/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/10-Business_Logic_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/10-Business_Logic_Testing/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/05-Testing_for_CSS_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/05-Testing_for_CSS_Injection.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/11-Testing_Web_Messaging.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/11-Testing_Web_Messaging.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/12-Testing_Browser_Storage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/12-Testing_Browser_Storage.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Masked_iframe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Masked_iframe.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/images/OWASP_ZAP_WebSockets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/images/OWASP_ZAP_WebSockets.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Storage-xss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Storage-xss.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/images/WebSocket_Client.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/images/WebSocket_Client.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/images/XSSI1.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/images/XSSI1.jpeg -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/11-Client-side_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/11-Client-side_Testing/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/12-API_Testing/01-Testing_GraphQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/12-API_Testing/01-Testing_GraphQL.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/12-API_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/12-API_Testing/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/12-API_Testing/images/Playground1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/12-API_Testing/images/Playground1.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/12-API_Testing/images/Playground2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/12-API_Testing/images/Playground2.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/12-API_Testing/images/Voyager.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/12-API_Testing/images/Voyager.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/12-API_Testing/images/auth1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/12-API_Testing/images/auth1.png -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/12-API_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/12-API_Testing/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/12-API_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/12-API_Testing/info.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/README.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/index.md -------------------------------------------------------------------------------- /stable/4-Web_Application_Security_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/4-Web_Application_Security_Testing/info.md -------------------------------------------------------------------------------- /stable/5-Reporting/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/5-Reporting/README.md -------------------------------------------------------------------------------- /stable/5-Reporting/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/5-Reporting/index.md -------------------------------------------------------------------------------- /stable/5-Reporting/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/5-Reporting/info.md -------------------------------------------------------------------------------- /stable/6-Appendix/A-Testing_Tools_Resource.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/A-Testing_Tools_Resource.md -------------------------------------------------------------------------------- /stable/6-Appendix/B-Suggested_Reading.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/B-Suggested_Reading.md -------------------------------------------------------------------------------- /stable/6-Appendix/C-Fuzz_Vectors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/C-Fuzz_Vectors.md -------------------------------------------------------------------------------- /stable/6-Appendix/D-Encoded_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/D-Encoded_Injection.md -------------------------------------------------------------------------------- /stable/6-Appendix/E-History.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/E-History.md -------------------------------------------------------------------------------- /stable/6-Appendix/F-Leveraging_Dev_Tools.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/F-Leveraging_Dev_Tools.md -------------------------------------------------------------------------------- /stable/6-Appendix/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/README.md -------------------------------------------------------------------------------- /stable/6-Appendix/images/f_chrome_devtools_headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/images/f_chrome_devtools_headers.png -------------------------------------------------------------------------------- /stable/6-Appendix/images/f_chrome_devtools_offline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/images/f_chrome_devtools_offline.png -------------------------------------------------------------------------------- /stable/6-Appendix/images/f_chrome_devtools_ua_switch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/images/f_chrome_devtools_ua_switch.png -------------------------------------------------------------------------------- /stable/6-Appendix/images/f_chrome_responsive_design_mode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/images/f_chrome_responsive_design_mode.png -------------------------------------------------------------------------------- /stable/6-Appendix/images/f_firefox_cookie_edit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/images/f_firefox_cookie_edit.png -------------------------------------------------------------------------------- /stable/6-Appendix/images/f_firefox_devtools_headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/images/f_firefox_devtools_headers.png -------------------------------------------------------------------------------- /stable/6-Appendix/images/f_firefox_devtools_offline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/images/f_firefox_devtools_offline.png -------------------------------------------------------------------------------- /stable/6-Appendix/images/f_firefox_responsive_design_mode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/images/f_firefox_responsive_design_mode.png -------------------------------------------------------------------------------- /stable/6-Appendix/images/f_firefox_ua_switch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/images/f_firefox_ua_switch.png -------------------------------------------------------------------------------- /stable/6-Appendix/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/index.md -------------------------------------------------------------------------------- /stable/6-Appendix/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/6-Appendix/info.md -------------------------------------------------------------------------------- /stable/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/README.md -------------------------------------------------------------------------------- /stable/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/index.md -------------------------------------------------------------------------------- /stable/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/stable/info.md -------------------------------------------------------------------------------- /tab_downloads.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/tab_downloads.md -------------------------------------------------------------------------------- /tab_faq.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/tab_faq.md -------------------------------------------------------------------------------- /v41/0-Foreword/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/0-Foreword/README.md -------------------------------------------------------------------------------- /v41/0-Foreword/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/0-Foreword/index.md -------------------------------------------------------------------------------- /v41/0-Foreword/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/0-Foreword/info.md -------------------------------------------------------------------------------- /v41/1-Frontispiece/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/1-Frontispiece/README.md -------------------------------------------------------------------------------- /v41/1-Frontispiece/images/Owasp_logo_icon.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/1-Frontispiece/images/Owasp_logo_icon.jpg -------------------------------------------------------------------------------- /v41/1-Frontispiece/images/follow_badge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/1-Frontispiece/images/follow_badge.png -------------------------------------------------------------------------------- /v41/1-Frontispiece/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/1-Frontispiece/index.md -------------------------------------------------------------------------------- /v41/1-Frontispiece/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/1-Frontispiece/info.md -------------------------------------------------------------------------------- /v41/2-Introduction/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/2-Introduction/README.md -------------------------------------------------------------------------------- /v41/2-Introduction/images/640px-UseAndMisuseCase.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/2-Introduction/images/640px-UseAndMisuseCase.png -------------------------------------------------------------------------------- /v41/2-Introduction/images/ProportionSDLC.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/2-Introduction/images/ProportionSDLC.png -------------------------------------------------------------------------------- /v41/2-Introduction/images/ProportionTest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/2-Introduction/images/ProportionTest.png -------------------------------------------------------------------------------- /v41/2-Introduction/images/SDLC.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/2-Introduction/images/SDLC.jpg -------------------------------------------------------------------------------- /v41/2-Introduction/images/WindowExposure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/2-Introduction/images/WindowExposure.png -------------------------------------------------------------------------------- /v41/2-Introduction/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/2-Introduction/index.md -------------------------------------------------------------------------------- /v41/2-Introduction/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/2-Introduction/info.md -------------------------------------------------------------------------------- /v41/3-The_OWASP_Testing_Framework/0-The_Web_Security_Testing_Framework.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/3-The_OWASP_Testing_Framework/0-The_Web_Security_Testing_Framework.md -------------------------------------------------------------------------------- /v41/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md -------------------------------------------------------------------------------- /v41/3-The_OWASP_Testing_Framework/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/3-The_OWASP_Testing_Framework/README.md -------------------------------------------------------------------------------- /v41/3-The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/3-The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif -------------------------------------------------------------------------------- /v41/3-The_OWASP_Testing_Framework/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/3-The_OWASP_Testing_Framework/index.md -------------------------------------------------------------------------------- /v41/3-The_OWASP_Testing_Framework/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/3-The_OWASP_Testing_Framework/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Banshee_bottom_page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Banshee_bottom_page.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Cakephp_cookie.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Cakephp_cookie.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Drupal_botcha_disclosure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Drupal_botcha_disclosure.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Httprint.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Httprint.jpg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Netcraft2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Netcraft2.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/OWASPZAPSP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/OWASPZAPSP.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-Info.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-Info.jpg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-wappalyzer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-wappalyzer.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Robots-info-disclosure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Robots-info-disclosure.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Whatweb-sample.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Whatweb-sample.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Wordpress_dirbusting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Wordpress_dirbusting.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Zk_html_source.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/images/Zk_html_source.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/01-Information_Gathering/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/01-Information_Gathering/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/NoConfFound.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/NoConfFound.jpg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Userisnotactive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Userisnotactive.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_useradd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_useradd.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/03-Identity_Management_Testing/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-directreq.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-directreq.jpg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-parammod.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-parammod.jpg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid.jpg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid2.jpg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj.jpg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj2.gif -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/04-Authentication_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/04-Authentication_Testing/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/04-Authentication_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/04-Authentication_Testing/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/05-Authorization_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/05-Authorization_Testing/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/05-Authorization_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/05-Authorization_Testing/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_riding.GIF: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_riding.GIF -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client_Side.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client_Side.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Imap-smtp-injection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Imap-smtp-injection.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/RubyBeef.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/RubyBeef.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/SSTI_XVWA.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/SSTI_XVWA.jpeg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_input_example.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_input_example.jpg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_for_Error_Code.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_for_Error_Code.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/10-Business_Logic_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/10-Business_Logic_Testing/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/10-Business_Logic_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/10-Business_Logic_Testing/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/03-Testing_for_HTML_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/03-Testing_for_HTML_Injection.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/05-Testing_for_CSS_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/05-Testing_for_CSS_Injection.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/08-Testing_for_Cross_Site_Flashing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/08-Testing_for_Cross_Site_Flashing.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/09-Testing_for_Clickjacking.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/09-Testing_for_Clickjacking.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/10-Testing_WebSockets.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/10-Testing_WebSockets.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/11-Testing_Web_Messaging.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/11-Testing_Web_Messaging.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/12-Testing_Browser_Storage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/12-Testing_Browser_Storage.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_description.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_description.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_example_step2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Clickjacking_example_step2.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Masked_iframe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Masked_iframe.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/OWASP_ZAP_WebSockets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/OWASP_ZAP_WebSockets.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Storage-xss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/Storage-xss.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/WebSocket_Client.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/WebSocket_Client.png -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/XSSI1.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/images/XSSI1.jpeg -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/info.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/README.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/index.md -------------------------------------------------------------------------------- /v41/4-Web_Application_Security_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/4-Web_Application_Security_Testing/info.md -------------------------------------------------------------------------------- /v41/5-Reporting/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/5-Reporting/README.md -------------------------------------------------------------------------------- /v41/5-Reporting/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/5-Reporting/index.md -------------------------------------------------------------------------------- /v41/5-Reporting/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/5-Reporting/info.md -------------------------------------------------------------------------------- /v41/6-Appendix/A-Testing_Tools_Resource.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/6-Appendix/A-Testing_Tools_Resource.md -------------------------------------------------------------------------------- /v41/6-Appendix/B-Suggested_Reading.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/6-Appendix/B-Suggested_Reading.md -------------------------------------------------------------------------------- /v41/6-Appendix/C-Fuzz_Vectors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/6-Appendix/C-Fuzz_Vectors.md -------------------------------------------------------------------------------- /v41/6-Appendix/D-Encoded_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/6-Appendix/D-Encoded_Injection.md -------------------------------------------------------------------------------- /v41/6-Appendix/E-History.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/6-Appendix/E-History.md -------------------------------------------------------------------------------- /v41/6-Appendix/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/6-Appendix/README.md -------------------------------------------------------------------------------- /v41/6-Appendix/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/6-Appendix/index.md -------------------------------------------------------------------------------- /v41/6-Appendix/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/6-Appendix/info.md -------------------------------------------------------------------------------- /v41/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/README.md -------------------------------------------------------------------------------- /v41/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/index.md -------------------------------------------------------------------------------- /v41/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v41/info.md -------------------------------------------------------------------------------- /v42/0-Foreword/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/0-Foreword/README.md -------------------------------------------------------------------------------- /v42/0-Foreword/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/0-Foreword/index.md -------------------------------------------------------------------------------- /v42/0-Foreword/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/0-Foreword/info.md -------------------------------------------------------------------------------- /v42/1-Frontispiece/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/1-Frontispiece/README.md -------------------------------------------------------------------------------- /v42/1-Frontispiece/images/Owasp_logo_icon.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/1-Frontispiece/images/Owasp_logo_icon.jpg -------------------------------------------------------------------------------- /v42/1-Frontispiece/images/follow_badge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/1-Frontispiece/images/follow_badge.png -------------------------------------------------------------------------------- /v42/1-Frontispiece/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/1-Frontispiece/index.md -------------------------------------------------------------------------------- /v42/1-Frontispiece/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/1-Frontispiece/info.md -------------------------------------------------------------------------------- /v42/2-Introduction/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/2-Introduction/README.md -------------------------------------------------------------------------------- /v42/2-Introduction/images/640px-UseAndMisuseCase.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/2-Introduction/images/640px-UseAndMisuseCase.png -------------------------------------------------------------------------------- /v42/2-Introduction/images/ProportionSDLC.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/2-Introduction/images/ProportionSDLC.png -------------------------------------------------------------------------------- /v42/2-Introduction/images/ProportionTest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/2-Introduction/images/ProportionTest.png -------------------------------------------------------------------------------- /v42/2-Introduction/images/SDLC.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/2-Introduction/images/SDLC.jpg -------------------------------------------------------------------------------- /v42/2-Introduction/images/WindowExposure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/2-Introduction/images/WindowExposure.png -------------------------------------------------------------------------------- /v42/2-Introduction/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/2-Introduction/index.md -------------------------------------------------------------------------------- /v42/2-Introduction/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/2-Introduction/info.md -------------------------------------------------------------------------------- /v42/3-The_OWASP_Testing_Framework/0-The_Web_Security_Testing_Framework.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/3-The_OWASP_Testing_Framework/0-The_Web_Security_Testing_Framework.md -------------------------------------------------------------------------------- /v42/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies.md -------------------------------------------------------------------------------- /v42/3-The_OWASP_Testing_Framework/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/3-The_OWASP_Testing_Framework/README.md -------------------------------------------------------------------------------- /v42/3-The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/3-The_OWASP_Testing_Framework/images/Typical_SDLC_Testing_Workflow.gif -------------------------------------------------------------------------------- /v42/3-The_OWASP_Testing_Framework/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/3-The_OWASP_Testing_Framework/index.md -------------------------------------------------------------------------------- /v42/3-The_OWASP_Testing_Framework/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/3-The_OWASP_Testing_Framework/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/09-Fingerprint_Web_Application.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/10-Map_Application_Architecture.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/10_mod_security.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/10_mod_security.jpg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Banshee_bottom_page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Banshee_bottom_page.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Cakephp_cookie.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Cakephp_cookie.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Drupal_botcha_disclosure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Drupal_botcha_disclosure.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Httprint.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Httprint.jpg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Netcraft2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Netcraft2.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/OWASPZAPSP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/OWASPZAPSP.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-Info.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-Info.jpg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-wappalyzer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Owasp-wappalyzer.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Robots-info-disclosure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Robots-info-disclosure.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Whatweb-sample.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Whatweb-sample.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Wordpress_dirbusting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Wordpress_dirbusting.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Zk_html_source.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/Zk_html_source.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/wp-syntaxerror.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/images/wp-syntaxerror.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/01-Information_Gathering/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/01-Information_Gathering/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/01-Test_Role_Definitions.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Userisnotactive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Userisnotactive.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_useradd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/images/Wordpress_useradd.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-directreq.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-directreq.jpg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-parammod.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-parammod.jpg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid.jpg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sessid2.jpg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj.jpg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/images/Basm-sqlinj2.gif -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/04-Authentication_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/04-Authentication_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/05-Authorization_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/05-Authorization_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/07-Testing_Session_Timeout.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_riding.GIF: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/images/Session_riding.GIF -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.1-Testing_for_Oracle.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.2-Testing_for_MySQL.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.3-Testing_for_SQL_Server.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.4-Testing_PostgreSQL.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client-side.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.8-Testing_for_Client-side.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/06-Testing_for_LDAP_Injection.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/07-Testing_for_XML_Injection.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/08-Testing_for_SSI_Injection.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Alert.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Imap-smtp-injection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Imap-smtp-injection.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/RubyBeef.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/RubyBeef.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/SSTI_XVWA.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/SSTI_XVWA.jpeg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_input_example.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_input_example.jpg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/Stored_xss_example.jpg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example1.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/images/XSS_Example2.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/03-Test_Integrity_Checks.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/04-Test_for_Process_Timing.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/10-Business_Logic_Testing/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/05-Testing_for_CSS_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/05-Testing_for_CSS_Injection.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/08-Testing_for_Cross_Site_Flashing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/08-Testing_for_Cross_Site_Flashing.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/11-Testing_Web_Messaging.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/11-Testing_Web_Messaging.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/12-Testing_Browser_Storage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/12-Testing_Browser_Storage.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Clickjacking_description.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Clickjacking_description.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Clickjacking_example_step2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Clickjacking_example_step2.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Masked_iframe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Masked_iframe.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/OWASP_ZAP_WebSockets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/OWASP_ZAP_WebSockets.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Storage-xss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/Storage-xss.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/WebSocket_Client.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/WebSocket_Client.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/XSSI1.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/images/XSSI1.jpeg -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/11-Client-side_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/12-API_Testing/01-Testing_GraphQL.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/12-API_Testing/01-Testing_GraphQL.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/12-API_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/12-API_Testing/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/12-API_Testing/images/Playground1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/12-API_Testing/images/Playground1.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/12-API_Testing/images/Playground2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/12-API_Testing/images/Playground2.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/12-API_Testing/images/Voyager.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/12-API_Testing/images/Voyager.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/12-API_Testing/images/auth1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/12-API_Testing/images/auth1.png -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/12-API_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/12-API_Testing/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/12-API_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/12-API_Testing/info.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/README.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/index.md -------------------------------------------------------------------------------- /v42/4-Web_Application_Security_Testing/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/4-Web_Application_Security_Testing/info.md -------------------------------------------------------------------------------- /v42/5-Reporting/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/5-Reporting/README.md -------------------------------------------------------------------------------- /v42/5-Reporting/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/5-Reporting/index.md -------------------------------------------------------------------------------- /v42/5-Reporting/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/5-Reporting/info.md -------------------------------------------------------------------------------- /v42/6-Appendix/A-Testing_Tools_Resource.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/A-Testing_Tools_Resource.md -------------------------------------------------------------------------------- /v42/6-Appendix/B-Suggested_Reading.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/B-Suggested_Reading.md -------------------------------------------------------------------------------- /v42/6-Appendix/C-Fuzz_Vectors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/C-Fuzz_Vectors.md -------------------------------------------------------------------------------- /v42/6-Appendix/D-Encoded_Injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/D-Encoded_Injection.md -------------------------------------------------------------------------------- /v42/6-Appendix/E-History.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/E-History.md -------------------------------------------------------------------------------- /v42/6-Appendix/F-Leveraging_Dev_Tools.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/F-Leveraging_Dev_Tools.md -------------------------------------------------------------------------------- /v42/6-Appendix/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/README.md -------------------------------------------------------------------------------- /v42/6-Appendix/images/f_chrome_devtools_headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/images/f_chrome_devtools_headers.png -------------------------------------------------------------------------------- /v42/6-Appendix/images/f_chrome_devtools_offline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/images/f_chrome_devtools_offline.png -------------------------------------------------------------------------------- /v42/6-Appendix/images/f_chrome_devtools_ua_switch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/images/f_chrome_devtools_ua_switch.png -------------------------------------------------------------------------------- /v42/6-Appendix/images/f_chrome_responsive_design_mode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/images/f_chrome_responsive_design_mode.png -------------------------------------------------------------------------------- /v42/6-Appendix/images/f_firefox_cookie_edit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/images/f_firefox_cookie_edit.png -------------------------------------------------------------------------------- /v42/6-Appendix/images/f_firefox_devtools_headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/images/f_firefox_devtools_headers.png -------------------------------------------------------------------------------- /v42/6-Appendix/images/f_firefox_devtools_offline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/images/f_firefox_devtools_offline.png -------------------------------------------------------------------------------- /v42/6-Appendix/images/f_firefox_responsive_design_mode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/images/f_firefox_responsive_design_mode.png -------------------------------------------------------------------------------- /v42/6-Appendix/images/f_firefox_ua_switch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/images/f_firefox_ua_switch.png -------------------------------------------------------------------------------- /v42/6-Appendix/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/index.md -------------------------------------------------------------------------------- /v42/6-Appendix/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/6-Appendix/info.md -------------------------------------------------------------------------------- /v42/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/README.md -------------------------------------------------------------------------------- /v42/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/index.md -------------------------------------------------------------------------------- /v42/info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-web-security-testing-guide/HEAD/v42/info.md --------------------------------------------------------------------------------